OpenBSD src changes summary for 2017-10-15 to 2017-10-22 inclusive ==================================================================
bin/ksh distrib/miniroot distrib/sets distrib/special distrib/syspatch etc/MAKEDEV.common etc/etc.alpha/MAKEDEV etc/etc.amd64/MAKEDEV etc/etc.arm64/MAKEDEV etc/etc.armv7/MAKEDEV etc/etc.hppa/MAKEDEV etc/etc.i386/MAKEDEV etc/etc.landisk/MAKEDEV etc/etc.loongson/MAKEDEV etc/etc.luna88k/MAKEDEV etc/etc.macppc/MAKEDEV etc/etc.octeon/MAKEDEV etc/etc.sgi/MAKEDEV etc/etc.socppc/MAKEDEV etc/etc.sparc64/MAKEDEV etc/examples/dhclient.conf include/Makefile include/elf.h include/pthread.h include/pthread_np.h include/sched.h include/semaphore.h lib/libc lib/libedit lib/libpthread lib/librthread lib/libsndio libexec/login_yubikey libexec/spamd regress/lib regress/sys regress/usr.bin regress/usr.sbin sbin/dhclient sbin/growfs sbin/route share/man share/mk sys/arch/alpha/pci sys/arch/amd64/amd64 sys/arch/amd64/conf sys/arch/amd64/include sys/arch/amd64/stand/biosboot sys/arch/amd64/stand/boot sys/arch/amd64/stand/cdboot sys/arch/amd64/stand/mbr sys/arch/amd64/stand/pxeboot sys/arch/i386/conf sys/arch/i386/i386 sys/arch/i386/include sys/arch/i386/stand/biosboot sys/arch/i386/stand/boot sys/arch/i386/stand/cdboot sys/arch/i386/stand/mbr sys/arch/i386/stand/pxeboot sys/arch/mips64/conf sys/arch/mips64/include sys/arch/octeon/dev sys/arch/powerpc/ddb sys/arch/sparc64/conf sys/arch/sparc64/include sys/arch/sparc64/stand/bootblk sys/conf sys/ddb sys/dev/ic sys/dev/microcode sys/dev/pci sys/dev/usb sys/kern sys/net sys/net80211 sys/netinet sys/netinet6 sys/sys usr.bin/ctfconv usr.bin/ctfdump usr.bin/deroff usr.bin/fstat usr.bin/rcs usr.bin/rdist usr.bin/sdiff usr.bin/spell usr.bin/ssh usr.bin/tmux usr.bin/xargs usr.sbin/acme-client usr.sbin/apmd usr.sbin/bgpctl usr.sbin/bgpd usr.sbin/eeprom usr.sbin/ocspcheck usr.sbin/pkg_add usr.sbin/radiusd usr.sbin/rpc.statd usr.sbin/slowcgi usr.sbin/smtpd usr.sbin/tftp-proxy == bin =============================================================== 01/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin ksh ~ history.c > The return value of this function isn't used. > ok anton@ tb@ (jca@) ~ misc.c ~ sh.h > Delete the deprecated emacs-usemeta option. > ok tb@ anton@ (jca@) == distrib =========================================================== 02/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib miniroot ~ install.sub > Change v4_config() and v6_config() > - to support CIDR notation for the answers to the > "IPv4 address for <if>?" and "IPv6 address for <if>?" questions > - to not ask for netmask and prefix lenght if CIDR is used > - to ask the questions again if ifconfig fails with the provided input > Triggered by a report from landry@. > Using ideas from sthen@ > OK deraadt@ tb@ (rpe@) ~ install.sub > On systems without dhclient, ask IPv4 question again if 'dhcp' was choosen. > Spotted by halex@ (rpe@) sets ~ lists/comp/mi > sync (deraadt@) special ~ route/Makefile > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) syspatch ~ bsd.syspatch.mk > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) == etc =============================================================== 03/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc MAKEDEV.common ~ MAKEDEV.common > Make it explicit that there is only one type of random device: > Create only /dev/urandom as device. > Create /dev/random and /dev/arandom as symlinks. > Drop /dev/srandom, which has been unused for a long time. > /dev/arandom will go away at a later point. > Discussed with guenther@, ok deraadt@ (naddy@) etc.alpha/MAKEDEV ~ etc.alpha/MAKEDEV > sync (naddy@) etc.amd64/MAKEDEV ~ etc.amd64/MAKEDEV > sync (naddy@) etc.arm64/MAKEDEV ~ etc.arm64/MAKEDEV > sync (naddy@) etc.armv7/MAKEDEV ~ etc.armv7/MAKEDEV > sync (naddy@) etc.hppa/MAKEDEV ~ etc.hppa/MAKEDEV > sync (naddy@) etc.i386/MAKEDEV ~ etc.i386/MAKEDEV > sync (naddy@) etc.landisk/MAKEDEV ~ etc.landisk/MAKEDEV > sync (naddy@) etc.loongson/MAKEDEV ~ etc.loongson/MAKEDEV > sync (naddy@) etc.luna88k/MAKEDEV ~ etc.luna88k/MAKEDEV > sync (naddy@) etc.macppc/MAKEDEV ~ etc.macppc/MAKEDEV > sync (naddy@) etc.octeon/MAKEDEV ~ etc.octeon/MAKEDEV > sync (naddy@) etc.sgi/MAKEDEV ~ etc.sgi/MAKEDEV > sync (naddy@) etc.socppc/MAKEDEV ~ etc.socppc/MAKEDEV > sync (naddy@) etc.sparc64/MAKEDEV ~ etc.sparc64/MAKEDEV > sync (naddy@) examples/dhclient.conf ~ examples/dhclient.conf > Remove stray, pointless and potentially confusing line. (krw@) == include =========================================================== 04/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/include Makefile ~ Makefile > Move the thread-related .h files to /usr/src/include/, since the > implementation is now spread between libc and librthread. No changes > to the content > ok mpi@ (guenther@) ~ Makefile > <elf.h> should make it easier to port our ELF-related tools to other > Unices. > For the moment it only includes <sys/exec_elf.h> but the goal is to > stop pulling it directly and also replace <elf_abi.h> at least for > base applications. > ok deraadt@, jasper@, naddy@ (mpi@) elf.h + elf.h > <elf.h> should make it easier to port our ELF-related tools to other > Unices. > For the moment it only includes <sys/exec_elf.h> but the goal is to > stop pulling it directly and also replace <elf_abi.h> at least for > base applications. > ok deraadt@, jasper@, naddy@ (mpi@) pthread.h + pthread.h > Move the thread-related .h files to /usr/src/include/, since the > implementation is now spread between libc and librthread. No changes > to the content > ok mpi@ (guenther@) pthread_np.h + pthread_np.h > Move the thread-related .h files to /usr/src/include/, since the > implementation is now spread between libc and librthread. No changes > to the content > ok mpi@ (guenther@) sched.h + sched.h > Move the thread-related .h files to /usr/src/include/, since the > implementation is now spread between libc and librthread. No changes > to the content > ok mpi@ (guenther@) semaphore.h + semaphore.h > Move the thread-related .h files to /usr/src/include/, since the > implementation is now spread between libc and librthread. No changes > to the content > ok mpi@ (guenther@) == lib =============================================================== 05/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib libc ~ arch/mips64/gen/ldexp.S > Do not use an uninitialized value when determining the sign > of a denormal result of ldexp(3). > The bug was found when investigating why denormal results > of pow(3) can have an incorrect sign on loongson. > pow(3) misbehaviour reported and fix tested by juanfra@ > No objection from deraadt@ (visa@) ~ gen/sysctl.3 > draft-ietf-tcpm-initcwnd was published as rfc 6928 (mikeb@) ~ gen/getpwnam.3 ~ gen/posix_spawn.3 ~ stdio/getdelim.3 ~ termios/tcgetsid.3 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) ~ stdlib/malloc.c > Restore a return that was inadvertently removed from freezero() in r1.234, > which results in an internal double free when internal functions are not > in use. > ok otto@ (jsing@) ~ sys/pledge.2 > Removed duplicated line. > ok jmc@ (tobias@) libedit ~ Makefile > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) libpthread - include/Makefile.inc - include/pthread.h - include/pthread_np.h - include/sched.h - include/semaphore.h > Move the thread-related .h files to /usr/src/include/, since the > implementation is now spread between libc and librthread. No changes > to the content > ok mpi@ (guenther@) librthread ~ Makefile > Move the thread-related .h files to /usr/src/include/, since the > implementation is now spread between libc and librthread. No changes > to the content > ok mpi@ (guenther@) libsndio ~ mio_open.3 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) == libexec =========================================================== 06/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/libexec login_yubikey ~ login_yubikey.8 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) spamd ~ sdl.c ~ sdl.h > Use a binary search to speed up blacklist lookups. OK phessler@ (millert@) ~ grey.c ~ sdl.c ~ sdl.h ~ spamd.c > Make blacklist entries override the whitelist. When running spamd > in greylisting mode, it is not uncommon for an IP to get whitelisted > before it shows up on a spam blacklist. With this change, spamd > will check its blacklists before adding a WHITE entry to the > <spamd-white> pf table. If the IP matches a blacklist, the WHITE > entry will be removed. OK phessler@ (millert@) == regress =========================================================== 07/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress lib ~ libc/Makefile + libc/ldexp/Makefile + libc/ldexp/ldexp_test.c > Add a regression test for ldexp(3). (visa@) ~ libpthread/Makefile + libpthread/pthread_once/Makefile + libpthread/pthread_once/pthread_once.c > Add regress test for cancellation of pthread_once()'s init_routine > From Scott Cheloha (scottcheloha (at) gmail.com) (guenther@) sys - net/etherip/etherip_1.sh - net/etherip/etherip_subr ~ net/etherip/Makefile > Move the test implementation into the Makefile. Then we have only > one place to look at. Make prints the commands it executes to > assist debugging and analysis. If the test fails, there are simple > regress targets that can be run to reproduce the error easily. (bluhm@) usr.bin ~ xargs/Makefile ~ xargs/xargs-L.sh > Specify the xargs binary to test using a variable. > While here, do not suppress the command executed by make. (anton@) ~ xargs/Makefile + xargs/xargs-copy.sh > Add test for memcpy() -> memmove() regression. (anton@) ~ ssh/allow-deny-users.sh ~ ssh/misc/kexfuzz/README > more RCSIDs (djm@) usr.sbin ~ syslogd/args-sendsyslog-dropped.pl > Update matching regexp now that the pid is included. > From bluhm@ (mpi@) == sbin ============================================================== 08/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin dhclient ~ clparse.c > Bring parse_reject_statement() into line by > returning 0/1 for success, etc. Simplify it > by only supporting a single ip address per > statement, as dhclient.conf(5) states. Don't > add duplicate addresses to the reject list. (krw@) ~ clparse.c > Sort & update syntax comments to match code. Sort > TOK_* case:'s alphabetically to make it easier to > find things. (krw@) ~ parse.c > Nuke special case for '\n' in skip_to_semi() and > associated weird comment about parsing resolv.conf. > dhclient.conf and dhclient.leases.<if> are semi-colon > oriented and not line oriented. '\n' is never returned > by get_token(). (krw@) ~ dhclient.8 ~ dhclient.conf.5 ~ dhclient.leases.5 > Flense dhclient.conf.5 down to useful information. Move > description of "lease {}" format to dhlcient.leases.5. > Neither implement standards so coalesce STANDARDS sections > into dhclient.8. AUTHOR and HISTORY sections not normally > used for .conf man pages so drop them. Many tweaks. > Language/formatting suggestions, stamp of approved by jmc@. (krw@) ~ conflex.c > Split eol() from get_char() so that token assmebly that is > terminated by a '\n' can generate error messages pointing > at the offending token, rather than pointing at a blank > line. (krw@) ~ conflex.c > prev_line and cur_line can be static. (krw@) ~ clparse.c > Bring parse_client_lease_statement() into the new world by > return 0/1 for success. (krw@) ~ clparse.c > Whitespace. (krw@) ~ clparse.c > Last but not least, bring parse_interface_declaration() > into the 0/1 for success world. (krw@) growfs ~ growfs.8 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) route ~ route.c > Print the correct message and return an error code when no route entry > matches the corresponding RTM_GET request. > Based on a submission from Julien Dhaille, ok bluhm@ (mpi@) ~ route.c > Do not print an extra line if the 'get' command succeeds. > Fix a regression introduced in previous. (mpi@) ~ route.c > Typo, from Hiltjo Posthuma. (mpi@) == share ============================================================= 09/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man4/etherip.4 ~ man4/gif.4 > ifconfig's tunnel command has been using the SIOCSLIFPHYADDR ioctl(2) > since 2001. > Never too late to correct a lie. (mpi@) ~ man4/random.4 > Full rewrite: > Remove much that was outdated, misleading, or irrelevant. > Add some lacking information instead. > Joint work with deraadt@, > using much feedback from guenther@ and naddy@, > OK deraadt@ jmc@ naddy@. (schwarze@) ~ man4/ehci.4 ~ man4/ipw.4 ~ man4/iwi.4 ~ man4/tap.4 ~ man4/udl.4 ~ man4/vether.4 ~ man4/vmx.4 ~ man4/wpi.4 ~ man7/tbl.7 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) ~ man4/options.4 > TCP_SACK is no longer optional. > OK mikeb@ (job@) mk ~ bsd.dep.mk > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) == sys =============================================================== 10/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/alpha/pci ~ cia.c > Make sure the logic deciding whether to use BWX operations in cia(4) > operation uses the CPU capabilities, rather than a not-yet-initialized > variable which will eventually be set to the CPU capabilities. > from miod@ (mpi@) arch/amd64/amd64 ~ tsc.c > Correctly handle frequency measurement failures > Issue observed by Joe Gidi and canacar@. > While here, make sure that the success rate is at least 2 out of 3 > measurements but with an increased threshold. (mikeb@) ~ db_trace.c > Simplify code that determines the number of arguments for a given function. > For amd64 this means removing db_numargs() and directly setting > narg to the correct value (instead of capping it during iteration). > On i386 rename db_numargs() to db_i386_numargs() and only call it > when we fail to get the correct number out of CTF. > discussed with an ok mpi@ (jasper@) ~ identcpu.c ~ tsc.c > Set TSC timecounter frequency to the CPU frequency estimate if unknown > ok mlarkin (mikeb@) ~ tsc.c > Fixup previous; noticed by canacar@ (mikeb@) ~ tsc.c > Don't forget to set the timecounter frequency > Found the hard way, fix tested and OK mlarkin (mikeb@) arch/amd64/conf ~ files.amd64 > Add a machine-independent implementation for the mplock. > This reduces code duplication and makes it easier to instrument > lock primitives. > The MI mplock uses the ticket lock code that has been in use > on amd64, i386 and sparc64. These are the architectures that now > switch to the MI code. > The lock_machdep.c files are unhooked from the build but not > removed yet, in case something goes wrong. > OK mpi@, kettenis@ (visa@) arch/amd64/include ~ cpu.h ~ mplock.h > Add a machine-independent implementation for the mplock. > This reduces code duplication and makes it easier to instrument > lock primitives. > The MI mplock uses the ticket lock code that has been in use > on amd64, i386 and sparc64. These are the architectures that now > switch to the MI code. > The lock_machdep.c files are unhooked from the build but not > removed yet, in case something goes wrong. > OK mpi@, kettenis@ (visa@) ~ cpufunc.h > Don't do crazy bullshit when this is included by the bootblocks. (deraadt@) arch/amd64/stand/biosboot ~ Makefile > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) arch/amd64/stand/boot ~ Makefile > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) arch/amd64/stand/cdboot ~ Makefile > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) arch/amd64/stand/mbr ~ Makefile > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) arch/amd64/stand/pxeboot ~ Makefile > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) arch/i386/conf ~ files.i386 > Add a machine-independent implementation for the mplock. > This reduces code duplication and makes it easier to instrument > lock primitives. > The MI mplock uses the ticket lock code that has been in use > on amd64, i386 and sparc64. These are the architectures that now > switch to the MI code. > The lock_machdep.c files are unhooked from the build but not > removed yet, in case something goes wrong. > OK mpi@, kettenis@ (visa@) arch/i386/i386 ~ db_trace.c > Simplify code that determines the number of arguments for a given function. > For amd64 this means removing db_numargs() and directly setting > narg to the correct value (instead of capping it during iteration). > On i386 rename db_numargs() to db_i386_numargs() and only call it > when we fail to get the correct number out of CTF. > discussed with an ok mpi@ (jasper@) arch/i386/include ~ cpu.h ~ mplock.h > Add a machine-independent implementation for the mplock. > This reduces code duplication and makes it easier to instrument > lock primitives. > The MI mplock uses the ticket lock code that has been in use > on amd64, i386 and sparc64. These are the architectures that now > switch to the MI code. > The lock_machdep.c files are unhooked from the build but not > removed yet, in case something goes wrong. > OK mpi@, kettenis@ (visa@) arch/i386/stand/biosboot ~ Makefile > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) arch/i386/stand/boot ~ Makefile > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) arch/i386/stand/cdboot ~ Makefile > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) arch/i386/stand/mbr ~ Makefile > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) arch/i386/stand/pxeboot ~ Makefile > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) arch/mips64/conf ~ files.mips64 > Use MI mplock on mips64. > OK mpi@ (visa@) arch/mips64/include ~ cpu.h ~ mplock.h > Use MI mplock on mips64. > OK mpi@ (visa@) arch/octeon/dev ~ octmmc.c ~ octmmcreg.h > Utilize scatter/gather DMA with the newer MMC controller. (visa@) arch/powerpc/ddb ~ db_trace.c > add support for printing function arguments when displaying a trace > from DDB. this uses CTF to get the correct number of arguments. > ok mpi@ (jasper@) arch/sparc64/conf ~ files.sparc64 > Add a machine-independent implementation for the mplock. > This reduces code duplication and makes it easier to instrument > lock primitives. > The MI mplock uses the ticket lock code that has been in use > on amd64, i386 and sparc64. These are the architectures that now > switch to the MI code. > The lock_machdep.c files are unhooked from the build but not > removed yet, in case something goes wrong. > OK mpi@, kettenis@ (visa@) arch/sparc64/include ~ mplock.h > Add a machine-independent implementation for the mplock. > This reduces code duplication and makes it easier to instrument > lock primitives. > The MI mplock uses the ticket lock code that has been in use > on amd64, i386 and sparc64. These are the architectures that now > switch to the MI code. > The lock_machdep.c files are unhooked from the build but not > removed yet, in case something goes wrong. > OK mpi@, kettenis@ (visa@) arch/sparc64/stand/bootblk ~ Makefile > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) conf ~ GENERIC > Unconditionally enable TCP selective acknowledgements (SACK) > OK deraadt, mpi, visa, job (mikeb@) ddb ~ db_command.c > ddb "show all mounts" showed everything except the address of the > mount point. Print it to allow debugging through the data structures > from there. > OK krw@ (bluhm@) dev/ic ~ ar5211.c ~ ar5212.c > Initialize status return code in ar5k_ar5211_reset() and > ar5k_ar5212_reset(), > in the same way as ar5k_ar5210_reset() does it. > Error messages were displaying uninitialized values: > "ath_reset: unable to reset hardware; hal status 3497439432" > ok mpi@ (stsp@) ~ bwfm.c ~ bwfmreg.h > Set default join preferences to prefer APs based on the RSSI, with > a boost set to prefer 5GHz APs. (patrick@) ~ bwfm.c ~ bwfmreg.h > Clear up some defines regarding WPA cipher settings. This allows me > to attach to my WiFi AP. It looks like even though it's thought of > as a bitvector, the settings are exclusive. More tests will have to > occur to verify that theory. Add a comment to enabling the firmware > supplicant, mentioning its use is not really awesome. (patrick@) ~ bwfm.c > Handle wpa parameters using the ieee80211 ioctl so we can start > setting and allowing only the specified parameters. (patrick@) ~ bwfm.c ~ bwfmreg.h > Allow a more fine grained control about which ciphers to use. (patrick@) ~ bwfm.c > Only overwrite the caller's variable if we successfully read data from > the chip. (patrick@) ~ bwfm.c > Revert previous commit, since not all interfaces behaved the same. > (patrick@) ~ bwfm.c ~ bwfmreg.h > Extract supported frequencies and HT/VHT mode from the firmware instead > of assuming the chip supports both 2.4GHz and 5Ghz. > Based on a diff from Jared McNeill. (patrick@) ~ bwfm.c > Stop handling SIOCSIFMTU like in the wireless stack. > This driver does not use the net80211 stack, so let ether_ioctl() handle > it like any other Ethernet driver. > Suggested by and ok patrick@, ok stsp@ (mpi@) ~ bwfmreg.h > It turns out that using the packed attribute on most structs was a bad > idea since the brcmfmac implementation relies on the compiler generated > padding. Removing the packed attribute allows reading correct data from > the BSS info. As a next step it might be a good idea to pad the structs > manually. (patrick@) ~ bwfm.c ~ bwfmreg.h > Read and extract the channel number from the chanspec to beautify the > scan results. Since the channel number is encoded on both IO types in > the same way, we don't need to implement per IO type helpers for now. > (patrick@) ~ bwfmreg.h > Pad the holes in the struct to make sure compilers do not choose to > pad the structs in a different way. (patrick@) ~ bwfmvar.h ~ bwfm.c > Add a scan timeout so we can recover if the firmware decides not to > send us any answers to our request. (patrick@) ~ bwfm.c > Pass the SIOCG80211ALLCHANS and SIOCG80211STATS ioctls to our net80211 > which can handle those ioctls quite well for us. (patrick@) ~ bwfm.c > Disable promisc mode and accepting all multicast packets. These should > be properly enabled by the correct ioctls. (patrick@) ~ z8530reg.h > spelling fix; from miod (jmc@) ~ bwfm.c > Even though letting the firmware handle the handshake is nice from > a user perspective, it's rather horrible from a security perspective. > Especially since there has not only been the KRACK attack, but also > exploited wireless firmware. Thus this commit changes the way that > bwfm(4) is integrated into our network stack. Instead of making it > an Ethernet controller with some WiFi capability, deeply integrate > it into the net80211 stack. This way we can do the WPA handshake in > software and we don't have to reimplement or copy too much code from > the net80211 stack. Some code taken from NetBSD where Jared McNeill > committed bwfm(4) with net80211 integration as well. > Discussed with and "looks good" stsp@ (patrick@) ~ bwfmreg.h ~ bwfmvar.h > Even though letting the firmware handle the handshake is nice from > a user perspective, it's rather horrible from a security perspective. > Especially since there has not only been the KRACK attack, but also > exploited wireless firmware. Thus this commit changes the way that > bwfm(4) is integrated into our network stack. Instead of making it > an Ethernet controller with some WiFi capability, deeply integrate > it into the net80211 stack. This way we can do the WPA handshake in > software and we don't have to reimplement or copy too much code from > the net80211 stack. Some code taken from NetBSD where Jared McNeill > committed bwfm(4) with net80211 integration as well. > Discussed with and "looks good" stsp@ (patrick@) dev/microcode ~ aic7xxx/Makefile > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) dev/pci ~ drm/i915/intel_bios.c > drm/i915/bios: ignore HDMI on port A > From Jani Nikula > 33d1fa43aad4ca11f5d01ede363c1dbdd2010540 in linux 4.4.y/4.4.92 > 2ba7d7e0437127314864238f8bfcb8369d81075c in mainline linux > ok kettenis@ (jsg@) ~ if_iwm.c ~ if_iwmvar.h > In iwm(4), allocate command response buffers dynamically in a ring > instead of stashing responses in one single buffer in the softc. > Allows getting rid of a tsleep() which protected the single buffer. > Tested by myself and Carlos Cardenas on 7260, 7265, and 8260. > hurray ok deraadt@ (stsp@) ~ if_iwm.c > It's time I claimed proper copyright on this. (stsp@) dev/usb ~ if_bwfm_usb.c > Similar to other USB based backend drivers, have a list of TX/RX > buffers. By storing the pointer of the TX mbuf in the TX buffer, > we can make sure to free the mbuf properly after TX completed. > This also seems to speed up the WiFi scan. > previous version ok stsp@ (patrick@) ~ if_bwfm_usb.c > Don't forget to free the firmware in the error path, and make sure to > pass the proper size. > Caught by Jared McNeill. (patrick@) ~ if_bwfm_usb.c > Don't just return but setup and resubmit the transfer if we're not > getting the data we expect to be getting. Otherwise the firmware > can starve our USB RX descriptors using invalid packets. > Caught by Jared McNeill. (patrick@) ~ if_umb.c > Kill dead ioctl handlers. > SIOCGIF{HARD,}MTU are handled by ifioctl() and not passed down to > drivers. > ok visa@ (mpi@) ~ if_bwfm_usb.c > Initialize all fields in the BCDC protocol, otherwise the controller > behaves erratically and drops packets on TX. Found the hard way by > Jared McNeill. While there, also set the priority field. > ok stsp@ (patrick@) kern ~ subr_log.c > Print the pid of the most recent program that failed to send a log > via sendsyslog(2) along with the corresponding errno. > Help when troubleshooting which program is triggering an error, like > an overflow. > ok bluhm@ (mpi@) ~ kern_lock.c > Add a machine-independent implementation for the mplock. > This reduces code duplication and makes it easier to instrument > lock primitives. > The MI mplock uses the ticket lock code that has been in use > on amd64, i386 and sparc64. These are the architectures that now > switch to the MI code. > The lock_machdep.c files are unhooked from the build but not > removed yet, in case something goes wrong. > OK mpi@, kettenis@ (visa@) net ~ if.c > Change most of the returns into breaks. This will let us release a lock. > While here add error checks for SIOC{A,D}IFGROUP. > ok sashan@, bluhm@, visa@ (mpi@) ~ if_enc.c ~ pfkeyv2.c > Last changes before running IPsec w/o KERNEL_LOCK(). > Put more NET_ASSERT_LOCK() and document which globals it protects. > Add a mutex for pfkeyv2 globals. > Convert ipsp_delete_acquire() to timeout_set_proc(). > Tested by Hrvoje Popovski, ok bluhm@ visa@ (mpi@) ~ if.c > Multiple tweaks: > - Assert that all drivers declare a if_ioctl function pointer and stop > checking it against NULL. > - Do not use return statements in ifioctl() where a lock is needed. > - Call if_setlladdr() only if the underlying driver did not report an > error. > ok bluhm@ (mpi@) ~ if.c ~ if_gif.c > Remove kernel support for the following ioctl(2)s, deprecated since 2001: > - SIOCSIFPHYADDR > - SIOCSIFPHYADDR_IN6 > - SIOCGIFPSRCADDR > - SIOCGIFPSRCADDR_IN6 > - SIOCGIFPDSTADDR > - SIOCGIFPDSTADDR_IN6 > ok bluhm@ (mpi@) ~ if_loop.c > There was a possible stack overrun in the network since we had > removed some queueing. lo(4) output called the ip input routines > without a queue. So if a packet looped through the kernel, the > kernel stack filled up. > Use M_LOOP to find recursive calls to looutput(). This flag is set > when a packet goes through the loopback interface. Avoid an > additional queueing if the packet goes to lo(4) only once. As there > may be gif(4), bridge(4), pair(4), ipsec(4), rdomain(4), ... setups > that legitimately pass lo(4) more than once, use the interface input > queue for these cases. > Packets in the queue run through ip forward. There the TTL is > decremented and the packet is finally processed or dropped. > found by markus@; OK mpi@ sashan@ (bluhm@) ~ if_gre.c ~ if_spppsubr.c > Kill dead ioctl handlers. > SIOCGIF{HARD,}MTU are handled by ifioctl() and not passed down to > drivers. > ok visa@ (mpi@) net80211 ~ ieee80211_pae_input.c > Add comments which document already fixed WPA attack vectors. (stsp@) ~ ieee80211_output.c ~ ieee80211_proto.h > Make ieee80211_classify() available in a header so we can make the > priority visible to underlying bus protocols like bwfm(4)'s bcdc. > (patrick@) netinet ~ ip_ipsp.c ~ ip_ipsp.h ~ ip_spd.c > Last changes before running IPsec w/o KERNEL_LOCK(). > Put more NET_ASSERT_LOCK() and document which globals it protects. > Add a mutex for pfkeyv2 globals. > Convert ipsp_delete_acquire() to timeout_set_proc(). > Tested by Hrvoje Popovski, ok bluhm@ visa@ (mpi@) ~ ip_carp.c > Handle the case where the parent of a carp(4) is being destroyed > while packets where being passed to IPsec tasks. > Found the hardway by Hrvoje Popovski. > ok phessler@, claudio@ (mpi@) ~ ip_icmp.c > When reusing an mbuf at the upper end of the network stack, strip > off the mbuf properties with m_resethdr(). It is a new packet, > especially M_LOOP indicating that it was running through lo(4) > should be cleared. Use the ph_loopcnt to prevent looping at the > upper end of the stack. Although not strictly necessary in icmp > reflect, it is a good idea to increase and check the counter here, > like in socket splicing. > OK mpi@ sashan@ (bluhm@) ~ in.c > Do not test if if_ioctl is NULL, it isn't. > ok florian@, claudio@, visa@, bluhm@ (mpi@) ~ tcp_input.c ~ tcp_output.c ~ tcp_subr.c ~ tcp_timer.c ~ tcp_usrreq.c ~ tcp_var.h > Unconditionally enable TCP selective acknowledgements (SACK) > OK deraadt, mpi, visa, job (mikeb@) netinet6 ~ in6.c > Remove kernel support for the following ioctl(2)s, deprecated since 2001: > - SIOCSIFPHYADDR > - SIOCSIFPHYADDR_IN6 > - SIOCGIFPSRCADDR > - SIOCGIFPSRCADDR_IN6 > - SIOCGIFPDSTADDR > - SIOCGIFPDSTADDR_IN6 > ok bluhm@ (mpi@) ~ icmp6.c ~ ip6_input.c > Setting the IPV6_MINMTU flag in the call to ip6_output() was moved > from icmp6_reflect() to ip6_send_dispatch() when ip6_send() was > introduced. Move the comment that explains this flag also to the > place where it is used. > from sashan@ (bluhm@) ~ icmp6.c > When reusing an mbuf at the upper end of the network stack, strip > off the mbuf properties with m_resethdr(). It is a new packet, > especially M_LOOP indicating that it was running through lo(4) > should be cleared. Use the ph_loopcnt to prevent looping at the > upper end of the stack. Although not strictly necessary in icmp > reflect, it is a good idea to increase and check the counter here, > like in socket splicing. > OK mpi@ sashan@ (bluhm@) ~ in6.c > Do not test if if_ioctl is NULL, it isn't. > ok florian@, claudio@, visa@, bluhm@ (mpi@) sys ~ mplock.h > Add a machine-independent implementation for the mplock. > This reduces code duplication and makes it easier to instrument > lock primitives. > The MI mplock uses the ticket lock code that has been in use > on amd64, i386 and sparc64. These are the architectures that now > switch to the MI code. > The lock_machdep.c files are unhooked from the build but not > removed yet, in case something goes wrong. > OK mpi@, kettenis@ (visa@) ~ exec_elf.h > Add missing SHN_XINDEX needed by devel/ctftools. > Reported by and ok naddy@ (mpi@) ~ mbuf.h > There was a possible stack overrun in the network since we had > removed some queueing. lo(4) output called the ip input routines > without a queue. So if a packet looped through the kernel, the > kernel stack filled up. > Use M_LOOP to find recursive calls to looutput(). This flag is set > when a packet goes through the loopback interface. Avoid an > additional queueing if the packet goes to lo(4) only once. As there > may be gif(4), bridge(4), pair(4), ipsec(4), rdomain(4), ... setups > that legitimately pass lo(4) more than once, use the interface input > queue for these cases. > Packets in the queue run through ip forward. There the TTL is > decremented and the packet is finally processed or dropped. > found by markus@; OK mpi@ sashan@ (bluhm@) == usr.bin =========================================================== 11/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin ctfconv ~ ctfconv.1 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) ctfdump ~ ctfdump.c > Typo in header dump, from sbz@FreeBSD (mpi@) ~ ctfdump.1 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) deroff ~ deroff.1 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) fstat ~ fuser.1 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) rcs ~ rcs.1 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) rdist ~ Makefile > remove the remaining references to .depend files since nothing creates them > any longer; ok espie@ deraadt@ (naddy@) sdiff ~ sdiff.1 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) spell ~ spell.1 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) ssh ~ ssh_config.5 > In the description of pattern-lists, clarify negated matches by > explicitly stating that a negated match will never yield a positive > result, and that at least one positive term in the pattern-list must > match. bz#1918 (djm@) ~ ssh_config.5 > remove unused Pp; (jmc@) ~ bitmap.c ~ bitmap.h ~ opacket.c ~ opacket.h > add RCSIDs to these; they make syncing portable a bit easier (djm@) ~ misc.c ~ misc.h ~ readconf.c ~ readconf.h ~ scp.1 ~ scp.c ~ sftp.1 ~ sftp.c ~ ssh.1 ~ ssh.c ~ ssh_config.5 > Add URI support to ssh, sftp and scp. For example ssh://user@host > or sftp://user@host/path. The connection parameters described in > draft-ietf-secsh-scp-sftp-ssh-uri-04 are not implemented since the > ssh fingerprint format in the draft uses md5 with no way to specify > the hash function type. OK djm@ (millert@) tmux ~ resize.c ~ screen-redraw.c ~ server-client.c ~ status.c ~ tmux.h ~ tty.c > Infrastructure for drawing status lines of more than one line in height, > still only one is allowed but this lets tmux draw bigger ones. (nicm@) ~ status.c > Clear status line with spaces again so reverse works, spotted by sthen. > (nicm@) ~ window-tree.c > Use window_pane_index() when drawing pane numbers (so pane-base-index is > applied), from Thomas Adam. GitHub issue 1125. (nicm@) xargs ~ xargs.c > Favor memmove() over memcpy() since dst and src originates from the same > allocation and may therefore overlap. > ok deraadt@ (anton@) == usr.sbin ========================================================== 12/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin acme-client ~ acme-client.1 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) ~ parse.y > fix a use after free and a memory leak in error paths > ok deraadt@ florian@ (jsg@) apmd ~ apmd.c > Kill unused defines (jca@) bgpctl ~ bgpctl.8 ~ bgpctl.c ~ parser.c > Add "ssv" variant which turns a rib route output into a single > semicolon-seperated line, so that grep and such can operate easier; > then use tr ';' '\n' to convert it to normal form later. This helps > with scanning vast swathes of routes.. > ok benno claudio job (deraadt@) ~ bgpctl.c > Ensure last character in ssv mode is a newline > OK benno@ (job@) bgpd ~ bgpd.h > Add "ssv" variant which turns a rib route output into a single > semicolon-seperated line, so that grep and such can operate easier; > then use tr ';' '\n' to convert it to normal form later. This helps > with scanning vast swathes of routes.. > ok benno claudio job (deraadt@) ~ parse.y > don't try to print uninitialised memory as a string in error paths > ok deraadt@ claudio@ (jsg@) eeprom ~ optree.c > Tweak heuristics to make sure /memory properties are more likely to be > printed as hex. > ok visa@ (kettenis@) ocspcheck ~ ocspcheck.8 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) pkg_add ~ OpenBSD/Vstat.pm > make messages involving fs clearer, parse the mount point AND the device > and display a name (/dev/sd0h on /usr/local) based on that (espie@) radiusd ~ radiusd.8 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) rpc.statd ~ rpc.statd.8 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) slowcgi ~ slowcgi.8 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) smtpd ~ smtp_session.c > remove useless initialisation (eric@) ~ smtp_session.c > When adding a missing "Date" header, use the same timestamp as the > "Received" > header for consistency. > ok gilles@ (eric@) tftp-proxy ~ tftp-proxy.8 > add missing HISTORY; based on CVS logs and release announcements > (schwarze@) =============================================================================== _______________________________________________ owc mailing list [email protected] http://www.squish.net/mailman/listinfo/owc
